<!DOCTYPE HTML>

<html lang="en">
<head>

<title>Acl (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="Acl (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":6,"i1":6,"i2":6,"i3":6,"i4":6,"i5":6,"i6":6};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="Acl.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Acl.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Acl.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.acls.model</a></div>
<h2 title="Interface Acl" class="title">Interface Acl</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Superinterfaces:</dt>
<dd><code>java.io.Serializable</code></dd>
</dl>
<dl>
<dt>All Known Subinterfaces:</dt>
<dd><code><a href="AuditableAcl.html" title="interface in org.springframework.security.acls.model">AuditableAcl</a></code>, <code><a href="MutableAcl.html" title="interface in org.springframework.security.acls.model">MutableAcl</a></code>, <code><a href="OwnershipAcl.html" title="interface in org.springframework.security.acls.model">OwnershipAcl</a></code></dd>
</dl>
<dl>
<dt>All Known Implementing Classes:</dt>
<dd><code><a href="../domain/AclImpl.html" title="class in org.springframework.security.acls.domain">AclImpl</a></code></dd>
</dl>
<hr>
<pre>public interface <span class="typeNameLabel">Acl</span>
extends java.io.Serializable</pre>
<div class="block">Represents an access control list (ACL) for a domain object.
<p>
An <tt>Acl</tt> represents all ACL entries for a given domain object. In order to avoid
needing references to the domain object itself, this interface handles indirection
between a domain object and an ACL object identity via the
<a href="ObjectIdentity.html" title="interface in org.springframework.security.acls.model"><code>ObjectIdentity</code></a> interface.
</p>
<p>
Implementing classes may elect to return instances that represent
<a href="Permission.html" title="interface in org.springframework.security.acls.model"><code>Permission</code></a> information for either some
OR all <a href="Sid.html" title="interface in org.springframework.security.acls.model"><code>Sid</code></a> instances. Therefore, an
instance may NOT necessarily contain ALL <tt>Sid</tt>s for a given domain object.
</p></div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>java.util.List&lt;<a href="AccessControlEntry.html" title="interface in org.springframework.security.acls.model">AccessControlEntry</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#getEntries()">getEntries</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns all of the entries represented by the present <tt>Acl</tt>.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code><a href="ObjectIdentity.html" title="interface in org.springframework.security.acls.model">ObjectIdentity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#getObjectIdentity()">getObjectIdentity</a></span>()</code></th>
<td class="colLast">
<div class="block">Obtains the domain object this <tt>Acl</tt> provides entries for.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#getOwner()">getOwner</a></span>()</code></th>
<td class="colLast">
<div class="block">Determines the owner of the <tt>Acl</tt>.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code><a href="Acl.html" title="interface in org.springframework.security.acls.model">Acl</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#getParentAcl()">getParentAcl</a></span>()</code></th>
<td class="colLast">
<div class="block">A domain object may have a parent for the purpose of ACL inheritance.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#isEntriesInheriting()">isEntriesInheriting</a></span>()</code></th>
<td class="colLast">
<div class="block">Indicates whether the ACL entries from the <a href="Acl.html#getParentAcl()"><code>getParentAcl()</code></a> should flow down
into the current <tt>Acl</tt>.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#isGranted(java.util.List,java.util.List,boolean)">isGranted</a></span>&#8203;(java.util.List&lt;<a href="Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&gt;&nbsp;permission,
java.util.List&lt;<a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids,
boolean&nbsp;administrativeMode)</code></th>
<td class="colLast">
<div class="block">This is the actual authorization logic method, and must be used whenever ACL
authorization decisions are required.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Acl.html#isSidLoaded(java.util.List)">isSidLoaded</a></span>&#8203;(java.util.List&lt;<a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids)</code></th>
<td class="colLast">
<div class="block">For efficiency reasons an <tt>Acl</tt> may be loaded and <em>not</em> contain
entries for every <tt>Sid</tt> in the system.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="getEntries()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getEntries</h4>
<pre class="methodSignature">java.util.List&lt;<a href="AccessControlEntry.html" title="interface in org.springframework.security.acls.model">AccessControlEntry</a>&gt;&nbsp;getEntries()</pre>
<div class="block">Returns all of the entries represented by the present <tt>Acl</tt>. Entries
associated with the <tt>Acl</tt> parents are not returned.
<p>
This method is typically used for administrative purposes.
</p>
<p>
The order that entries appear in the array is important for methods declared in the
<a href="MutableAcl.html" title="interface in org.springframework.security.acls.model"><code>MutableAcl</code></a> interface. Furthermore, some implementations MAY use ordering as
part of advanced permission checking.
</p>
<p>
Do <em>NOT</em> use this method for making authorization decisions. Instead use
<a href="Acl.html#isGranted(java.util.List,java.util.List,boolean)"><code>isGranted(List, List, boolean)</code></a>.
</p>
<p>
This method must operate correctly even if the <tt>Acl</tt> only represents a
subset of <tt>Sid</tt>s. The caller is responsible for correctly handling the
result if only a subset of <tt>Sid</tt>s is represented.
</p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the list of entries represented by the <tt>Acl</tt>, or <tt>null</tt> if
there are no entries presently associated with this <tt>Acl</tt>.</dd>
</dl>
</li>
</ul>
<a id="getObjectIdentity()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getObjectIdentity</h4>
<pre class="methodSignature"><a href="ObjectIdentity.html" title="interface in org.springframework.security.acls.model">ObjectIdentity</a>&nbsp;getObjectIdentity()</pre>
<div class="block">Obtains the domain object this <tt>Acl</tt> provides entries for. This is immutable
once an <tt>Acl</tt> is created.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the object identity (never <tt>null</tt>)</dd>
</dl>
</li>
</ul>
<a id="getOwner()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getOwner</h4>
<pre class="methodSignature"><a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&nbsp;getOwner()</pre>
<div class="block">Determines the owner of the <tt>Acl</tt>. The meaning of ownership varies by
implementation and is unspecified.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the owner (may be <tt>null</tt> if the implementation does not use
ownership concepts)</dd>
</dl>
</li>
</ul>
<a id="getParentAcl()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getParentAcl</h4>
<pre class="methodSignature"><a href="Acl.html" title="interface in org.springframework.security.acls.model">Acl</a>&nbsp;getParentAcl()</pre>
<div class="block">A domain object may have a parent for the purpose of ACL inheritance. If there is a
parent, its ACL can be accessed via this method. In turn, the parent's parent
(grandparent) can be accessed and so on.
<p>
This method solely represents the presence of a navigation hierarchy between the
parent <tt>Acl</tt> and this <tt>Acl</tt>. For actual inheritance to take place,
the <a href="Acl.html#isEntriesInheriting()"><code>isEntriesInheriting()</code></a> must also be <tt>true</tt>.
</p>
<p>
This method must operate correctly even if the <tt>Acl</tt> only represents a
subset of <tt>Sid</tt>s. The caller is responsible for correctly handling the
result if only a subset of <tt>Sid</tt>s is represented.
</p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the parent <tt>Acl</tt> (may be <tt>null</tt> if this <tt>Acl</tt> does not
have a parent)</dd>
</dl>
</li>
</ul>
<a id="isEntriesInheriting()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>isEntriesInheriting</h4>
<pre class="methodSignature">boolean&nbsp;isEntriesInheriting()</pre>
<div class="block">Indicates whether the ACL entries from the <a href="Acl.html#getParentAcl()"><code>getParentAcl()</code></a> should flow down
into the current <tt>Acl</tt>.
<p>
The mere link between an <tt>Acl</tt> and a parent <tt>Acl</tt> on its own is
insufficient to cause ACL entries to inherit down. This is because a domain object
may wish to have entirely independent entries, but maintain the link with the
parent for navigation purposes. Thus, this method denotes whether or not the
navigation relationship also extends to the actual inheritance of entries.
</p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><tt>true</tt> if parent ACL entries inherit into the current <tt>Acl</tt></dd>
</dl>
</li>
</ul>
<a id="isGranted(java.util.List,java.util.List,boolean)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>isGranted</h4>
<pre class="methodSignature">boolean&nbsp;isGranted&#8203;(java.util.List&lt;<a href="Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&gt;&nbsp;permission,
                  java.util.List&lt;<a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids,
                  boolean&nbsp;administrativeMode)
           throws <a href="NotFoundException.html" title="class in org.springframework.security.acls.model">NotFoundException</a>,
                  <a href="UnloadedSidException.html" title="class in org.springframework.security.acls.model">UnloadedSidException</a></pre>
<div class="block">This is the actual authorization logic method, and must be used whenever ACL
authorization decisions are required.
<p>
An array of <tt>Sid</tt>s are presented, representing security identifies of the
current principal. In addition, an array of <tt>Permission</tt>s is presented which
will have one or more bits set in order to indicate the permissions needed for an
affirmative authorization decision. An array is presented because holding
<em>any</em> of the <tt>Permission</tt>s inside the array will be sufficient for an
affirmative authorization.
</p>
<p>
The actual approach used to make authorization decisions is left to the
implementation and is not specified by this interface. For example, an
implementation <em>MAY</em> search the current ACL in the order the ACL entries
have been stored. If a single entry is found that has the same active bits as are
shown in a passed <tt>Permission</tt>, that entry's grant or deny state may
determine the authorization decision. If the case of a deny state, the deny
decision will only be relevant if all other <tt>Permission</tt>s passed in the
array have also been unsuccessfully searched. If no entry is found that match the
bits in the current ACL, provided that <a href="Acl.html#isEntriesInheriting()"><code>isEntriesInheriting()</code></a> is
<tt>true</tt>, the authorization decision may be passed to the parent ACL. If there
is no matching entry, the implementation MAY throw an exception, or make a
predefined authorization decision.
</p>
<p>
This method must operate correctly even if the <tt>Acl</tt> only represents a
subset of <tt>Sid</tt>s, although the implementation is permitted to throw one of
the signature-defined exceptions if the method is called requesting an
authorization decision for a <a href="Sid.html" title="interface in org.springframework.security.acls.model"><code>Sid</code></a> that was never loaded in this <tt>Acl</tt>
.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>permission</code> - the permission or permissions required (at least one entry
required)</dd>
<dd><code>sids</code> - the security identities held by the principal (at least one entry
required)</dd>
<dd><code>administrativeMode</code> - if <tt>true</tt> denotes the query is for administrative
purposes and no logging or auditing (if supported by the implementation) should be
undertaken</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><tt>true</tt> if authorization is granted</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="NotFoundException.html" title="class in org.springframework.security.acls.model">NotFoundException</a></code> - MUST be thrown if an implementation cannot make an
authoritative authorization decision, usually because there is no ACL information
for this particular permission and/or SID</dd>
<dd><code><a href="UnloadedSidException.html" title="class in org.springframework.security.acls.model">UnloadedSidException</a></code> - thrown if the <tt>Acl</tt> does not have details for
one or more of the <tt>Sid</tt>s passed as arguments</dd>
</dl>
</li>
</ul>
<a id="isSidLoaded(java.util.List)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>isSidLoaded</h4>
<pre class="methodSignature">boolean&nbsp;isSidLoaded&#8203;(java.util.List&lt;<a href="Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids)</pre>
<div class="block">For efficiency reasons an <tt>Acl</tt> may be loaded and <em>not</em> contain
entries for every <tt>Sid</tt> in the system. If an <tt>Acl</tt> has been loaded
and does not represent every <tt>Sid</tt>, all methods of the <tt>Acl</tt> can only
be used within the limited scope of the <tt>Sid</tt> instances it actually
represents.
<p>
It is normal to load an <tt>Acl</tt> for only particular <tt>Sid</tt>s if read-only
authorization decisions are being made. However, if user interface reporting or
modification of <tt>Acl</tt>s are desired, an <tt>Acl</tt> should be loaded with
all <tt>Sid</tt>s. This method denotes whether or not the specified <tt>Sid</tt>s
have been loaded or not.
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>sids</code> - one or more security identities the caller is interest in knowing
whether this <tt>Sid</tt> supports</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><tt>true</tt> if every passed <tt>Sid</tt> is represented by this
<tt>Acl</tt> instance</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="Acl.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Acl.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Acl.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040d22918d5980c","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
